Something relatively simple like if you have a new account and you create a bunch of threads really close together they become hidden until approved by a moderator is unlikely to get in the way of most actual users, but would have stopped the Korean spam, for example.

Ok, so current settings for user registration are:
- reCaptcha v2
- new users are placed in "Newly registered user" group (posts needed to change group = 10)
- new users have very limited write access to all forums except off-topic and support (restrictions are based on default settings of "Newly registered user" which are quite good - moderators have to approve posts, so if possible please check regularly in MCP for new posts to approve/disapprove). I left off-topic and support, so one would post help request without much hassle.

Let's see how this settings will work, I'll update settings after few day if needed.

P.S. I'll be very busy in next weeks (my son will be born soon), so if something will be needed, please send me PM or email me directly.

I'm not super-comfortable with reCaptcha, since it's used to improve drone strike :/

Woah, that's a new one to add to the "screw google" list

I am not so sure about the new rules, because if anyone did get tripped up by them it is unlikely we would ever hear about it, they would just not come back and we'd lose those users. Personally, when I happen to sign up to a new forum or community it is usually to post a "drive by" request or suggestion which then spirals into larger contributions later on. If I have to go through substantial hoops or a waiting time before I can make that first submission, I would probably just not bother and not come back. Also I am not sure why we would add 3 separate measures (captcha, forum restrictions and post approvals) at once. If one of them works to deter the spam then the rest are just unnecessary inconveniences in my mind.

To bring up a topic related to fighting spam, I'm a bit concerned about the use of Cloudflare on the web site. If you didn't know how CloudFlare works, they act as a MITM between the user and the web server and they can see the decrypted HTTPS traffic. Ignoring the implications that has on things that were supposed to be private like passwords and private messages, and even if you don't think you have anything private in your interaction with the site, CF can still fingerprint your browser and build a profile of you based on all the CloudFlare using sites you visit. At this point CloudFlare has centralised a large part of the web and I wouldn't be surprised if that massive influence results in a scandal down the line, be it by incompetence, a rogue employee, or an outside hacker. Oh wait, we've already had CloudBleed.

I am definitely not suggesting that our web master with his new commitment (congrats ) should go into overdrive to respond to all this, so please take this post mainly as a point of reference for the community to come together with suggestions and alternatives. For instance, I might point out that the front page openmw.org is essentially non-interactive (comments were disabled a long time ago), so it's probably not necessary to have the maintenance overhead of something like WordPress. I envision a static page hosted on github could be easier to maintain and makes it easier for the community to pitch in with updates, too. Currently, not many people have access to edit the site and the people that do have access have many other commitments, so information on the site is outdated much of the time, as evidenced by the FAQ stating that 'scrawl accepts donation on his website' and that the S3TC patent may expire in October 2017. Likewise, the Wiki could benefit from a re-thinking. Much of the 'User documentation' pages can be migrated to the official documentation in the repo that is hosted by readthedocs. The development documentation like coding guidelines, dev environment setup, testing, etc. could move to the repo as markdown files. Things like mod testing and screenshots that have little to do with the development of the project itself could be split off to a separate user wiki. At that point, I don't think much if anything would be left that still necessitates an OpenMW Wiki, and even less work for our webmaster

I am definitely not suggesting that our web master with his new commitment (congrats ) should go into overdrive to respond to all this, so please take this post mainly as a point of reference for the community to come together with suggestions and alternatives. For instance, I might point out that the front page openmw.org is essentially non-interactive (comments were disabled a long time ago), so it's probably not necessary to have the maintenance overhead of something like WordPress. I envision a static page hosted on github could be easier to maintain and makes it easier for the community to pitch in with updates, too. Currently, not many people have access to edit the site and the people that do have access have many other commitments, so information on the site is outdated much of the time, as evidenced by the FAQ stating that 'scrawl accepts donation on his website' and that the S3TC patent may expire in October 2017. Likewise, the Wiki could benefit from a re-thinking. Much of the 'User documentation' pages can be migrated to the official documentation in the repo that is hosted by readthedocs. The development documentation like coding guidelines, dev environment setup, testing, etc. could move to the repo as markdown files. Things like mod testing and screenshots that have little to do with the development of the project itself could be split off to a separate user wiki. At that point, I don't think much if anything would be left that still necessitates an OpenMW Wiki, and even less work for our webmaster

I think a lot of this is a really good idea. I don't have the time in this very moment to re-post this as a thread for discussion in the website forum, but I will try to later if someone doesn't beat me to it.

Wasn't my suggestion not 'block everything until approved' but instead 'block everything except the first post or two until approved if a newly registered user attempts to make a lot of threads in rapid succession'? Blocking the first post is just a nuisance and the vast majority of first posts aren't spam.